am 21. Januar 1999
If you are already a cryppie or other security professional, this book will not add much to your knowledge. But if you are a programmer or other systems person with a desire to familiarize yourself with the field, I can't recommend this book highly enough. A reasonably solid mathematical background is required to fully understand the algorithms, but the book is structured in such a way that you can skip most of the heavily technical stuff and still get a lot out of the read.
Because this is essentially an introductory text, generality is the name of the game. Pretty much everything is covered, but to a low, or medium at best, degree of depth. (Only DES is covered thoroughly.) However, the reference list in the back is huge, and you can use it to easily track down any more detailed information that you're after.
am 13. Dezember 1996
Habitues of sci.crypt will be familiar with Bruce Schneier's
*Applied Cryptography*; if any of them have but one text on crypto
for reference, it will almost certainly be *Applied Cryptography*.
It is the de facto standard reference on modern cryptography as
well as serving as an excellent introduction to the subject.
The art is very old - Julius Caesar was the first recorded user of
cryptography for military purposes - and reached a watershed when
computers were put to work in order to break German and Japanese
ciphers. Indeed, that was the first *real* application of electronic
computers. A natural development was the use of computers for the
development of cryptographic systems.
That is where Bruce Schneier's remarkable book begins. It is notable
for two reasons: the breadth and depth of coverage, and the high
standard of technical communication.
As a reference its scope is encyclopaedic, providing descriptions
and assessments of just about every non-military crypto system
developed since computers were first applied to the purpose. There
are also military-cum-government algorithms amongst the collection,
some from the old Soviet Union and others from South Africa. It is
not just an A-Z procession of algorithms; the author progresses
in a logical manner through the many technical aspects of cryptography.
It is common to find that masters of mysterious technical arts are
poor communicators. Bruce Schneier demonstrates exceptional skill
as a technical communicator. Here is a book about an esoteric
subject - one built on a foundation of theoretical mathematics - that
ordinary folk can read. Sure, one needs to be motivated by an interest
in the subject, and the technical level sometimes requires a more than
ordinary background in number theory and the like - but a degree in
theoretical mathematics is not necessary to derive pleasure and profit
from reading *Applied Cryptography*.
A thirty-page chapter provides a brief, but lucid account of the
necessary mathematical background, spanning information theory,
complexity theory, number theory, factoring, prime number generation,
and modular arithmetic. Even if one needs no other information than
a useful description of modular arithmetic the book is worth looking
at; I can't think of any better source outside full-blown mathematical
texts, and the author does it without being obscure.
The book is divided into parts, beginning with protocols (the
introductory chapter is an excellent overview of crypto as it
is presently applied) from the basic kind through to the esoteric
that find application in digital cash transactions. Public key
encryption, the second - and most significant - watershed in cryptography, is introduced with an explanation of how it is used
in hybrid systems.
Part II deals with cryptographic techniques and discusses the
important issues of key length, key management, and algorithm
types. The strength of a crypto system relies very heavily on the
length of the key, the way in which it is generated, and key
management. A chapter is devoted to the practical aspects of using
algorithms (which one, public-key as against symmetric crypto,
hardware versus software) for various purposes (such as
communications and data storage).
Part III is about particular algorithms, providing for each one
a background of its development, a description, its security, and
how it is likely to stand up to attack. The algorithms are divided
into classes: block (some twenty-one are described);
pseudo-random-sequence generators and stream ciphers (PKZIP is a
stream cipher); real random-sequence generators; one-way hash
functions; public-key; public-key digital signature; identification
schemes; key-exchange algorithms; and other special algorithms.
Many specific algorithms are described with information about
Part IV is entitled, The Real World; in the words of the author,
"It's one thing to design protocols and algorithms, but another
thing to field them in operational systems. In theory, theory
and practice are the same; in practice they are different".
A chapter discusses a number of implementations, including IBM
Secret-Key Management Protocol, Mitrenet (an early public-key
system), ISDN Packet Data Security Overlay, STU-III, Kerberos,
KryptoKnight, Sesame, PEM, PGP, MSP, smart cards, universal
electronic payment system, and Clipper.
Another chapter discusses politics and puts the problems of US
export restrictions into context and deals with patents. It also
has information about bodies with an interest in public access to
cryptography and standards, and legal issues.
An afterword by Matt Blaze should be required reading by everyone
who thinks a good cryptosystem is all that one needs for security;
the human factor can undo the strongest system.
A final part contains C source code for DES, LOKI91, IDEA, GOST,
Blowfish, 3-Way, RC5, A5, and SEAL. North American readers can
obtain a 3-disk set containing code for some forty-one algorithms,
four complete systems, source code for some other utilities,
text files, errata, and notes on new protocols and algorithms.
Who, apart from crypto professionals and aficionados, is likely
to find *Applied Cryptography* of interest? Anyone with an
intelligent interest in the art, and who wants something more
substantial than a quasi adventure account of modern crypto;
anyone with a responsibility for protecting data and/or
communications; network administrators; builders of firewalls;
students and teachers of computer science; programmers; and
anyone with a serious interest in theoretical mathematics - I'm
sure the list could be expanded considerably.
Apart from a book to be read, it is the most complete and up-to-date
resource and reference presently available. The list of references
(1653 of them) is a resource in its own right. An essential
acquisition for libraries.
The book, of necessity, contains highly technical material, but it
can be read. The publishers, Wiley's, are to be congratulated.
Reviewed by Major Keary firstname.lastname@example.org
DISCLAIMER: The opinions expressed are my own. I have no interest,
financial or otherwise, in the success or failure of this book,
and - apart from a review copy - I have received no compensation
from anyone who has.
am 16. Oktober 1998
An excellent, informative and entertaining introduction to this field.
The first third covers, in reasonably technical detail, the theory and mathematical implementation of cryptosystems. Much of this isn't necessary for the casual reader, but its the clearest explanation of this arcane stuff you're going to find anywhere.
The second third covers real-world applications of cryptosystems - electronic voting, cyber-money, key management and a thousand other inventive uses. Sufficiently non-technical for even a salesman to understand.
The last third covers the politics of modern encryption, and is more intriguing, exciting and informative than any Tom Clancy novel. This last part alone is worth the price of the book.
Schneier's writing style is informal, informative and often humourous. It's hard to believe anyone can write about such a (potentially) dry subject and yet include some genuine jokes!
Buy this book.
am 4. September 1998
The red cover of the book drew my attention while I was browsing the shelves of the library here. I borrowed the book and was immediately fascinated by the style of the book. Clear outlines, huge reference appendix for readers who want to delve further into particular subjects, not too much plain text on one page. It gives a perfect overview of the things a cryptographer, or just an interested amateur, needs to know about particular subjects.
There might be one little disadvantage (it wasn't for me though), and that's the rather superficial coverage of some of the concepts, especially the mathematical background (number theory, complexity theory) of cryptography. But the book is not intended to be a math book. If you want to study the mathematics of cryptography, read Konheim or Niederreiter. If you want to study the concepts that underly the many fields of cryptography, read Schneier.
am 10. August 1997
If you have *ANY* interest whatsoever in cryptography (public keys, private keys, RSA, government policies (sic), etc), then this is *THE* book for you. Bruce does a very good job of explaining a very difficult subject. The book covers *EVERYTHING*, from A-Z on the subject,so if you want to understand how public keys work, you can read up on that, similarly, if you want to understand how linear feedback shift registers work, there is a section on that also.
Bruce does *NOT* have a very high opinion of our exalted leaders in Washington, which shows in the book, and the style is very conversational, with a number of humorous lines and comments thrown in. This kept me wide awake through all 700 pages.
The bibliography is extensive, and even includes some good books on WWII cryptography and the Enigma machine used by the Germans.
If you only buy 1 book on cryptography, buy this one!